Commit aad91c23 authored by Richard Mansfield's avatar Richard Mansfield

Add function to test artefact republish permissions when viewing views

parent c54107c6
......@@ -41,7 +41,7 @@ class PluginBlocktypeImage extends PluginBlocktype {
}
public static function render_instance(BlockInstance $instance) {
require_once(get_config('docroot') . 'artefact/lib.php');
//require_once(get_config('docroot') . 'artefact/lib.php');
$configdata = $instance->get('configdata'); // this will make sure to unserialize it for us
$configdata['viewid'] = $instance->get('view');
......@@ -49,7 +49,8 @@ class PluginBlocktypeImage extends PluginBlocktype {
// render_self
$result = '';
if (isset($configdata['artefactid'])) {
$image = artefact_instance_from_id($configdata['artefactid']);
//$image = artefact_instance_from_id($configdata['artefactid']);
$image = $instance->get_artefact_instance($configdata['artefactid']);
if ($image instanceof ArtefactTypeProfileIcon) {
$src = get_config('wwwroot') . 'thumb.php?type=profileiconbyid&id=' . $configdata['artefactid'];
......
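Review bot: `render_instance` now calls `$instance->get_artefact_instance()`, which throws `ArtefactNotFoundException` when the republish check fails, and nothing visible in these hunks catches it. If the callers do not catch it either, one artefact whose republish permission has been withdrawn could stop the whole view from rendering; consider catching the exception here and returning an empty block or a short notice instead. The two commented-out lines (`//require_once(...)` and `//$image = artefact_instance_from_id(...)`) should be deleted rather than kept, so that nobody restores the unchecked lookup by uncommenting it. The `thumb.php` URL built on the following line is served by a separate script, so this check presumably protects only the render path unless that script enforces the same rule. `render_instance` continues outside the hunk.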
......@@ -640,6 +640,26 @@ class BlockInstance {
}
}
/**
* Get an artefact instance, checking republish permissions
*/
public function get_artefact_instance($id) {
require_once(get_config('docroot') . 'artefact/lib.php');
$a = artefact_instance_from_id($id);
$viewowner = $this->get_view()->get('owner');
$group = $a->get('group');
if ($viewowner && $group) {
// Only group artefacts can have artefact_access_role & artefact_access_usr records
if (!count_records_sql("SELECT COUNT(ar.can_republish) FROM {artefact_access_role} ar
INNER JOIN {group_member} g ON ar.role = g.role
WHERE ar.artefact = ? AND g.member = ? AND g.group = ? AND ar.can_republish = 1", array($a->get('id'), $viewowner, $group))
and !record_exists('artefact_access_usr', 'usr', $viewowner, 'artefact', $a->get('id'), 'can_republish', 1)) {
throw new ArtefactNotFoundException(get_string('artefactnotpublishable', 'mahara', $id, $this->get_view()->get('id')));
}
}
return $a;
}
}
......
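Review bot: The permission test in `get_artefact_instance` sits entirely inside `if ($viewowner && $group)`, so the artefact is returned unchecked whenever the view has no `owner` or the artefact has no `group`. If views can be owned by a group or institution, or if `$id` can refer to a personal artefact belonging to someone other than the view owner, those cases fail open. I would make them explicit: state in the docblock which combinations are deliberately unchecked, and reject a non-group artefact whose owner differs from the view owner. The condition joins its two halves with `and`; `&&` is the conventional operator and avoids precedence surprises if the expression is ever reused in an assignment. The docblock should also describe `$id` and the returned artefact object, and carry `@throws ArtefactNotFoundException`.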
......@@ -483,6 +483,7 @@ $string['noeditpermission'] = 'You do not have permission to edit this artefact'
$string['Permissions'] = 'Permissions';
$string['republish'] = 'Publish';
$string['view'] = 'View';
$string['artefactnotpublishable'] = 'Artefact %s is not publishable in view %s';
$string['belongingto'] = 'Belonging to';
$string['allusers'] = 'All users';
......